Your SlideShare is downloading. ×
0
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Thinking about SDN and whether it is the right approach for your organization?

589

Published on

Thinking about SDN and whether it is the right approach for your organization? Have you heard about Cisco’s Application Centric Infrastructure and F5 Synthesis yet? The path to radically simplify and …

Thinking about SDN and whether it is the right approach for your organization? Have you heard about Cisco’s Application Centric Infrastructure and F5 Synthesis yet? The path to radically simplify and accelerate application deployment and datacenter agility can be a phased approach that leverages your existing investment. Rapid delivery of applications to anyone, anywhere, at any time is complex—and many businesses struggle with it.

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
589
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
38
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. April, 2014 F5 Synthesis Information Session
  • 2. Agenda • Welcome and Introduction to Customer Technology Challenges • Software Defined Application Services • Reference Architectures for Today’s Customer Challenges • Total Cost of Ownership and New Business Models • Multi-network Environment and Partner Ecosystem • Making it Happen with Global Services • Q & A
  • 3. © F5 Networks, Inc 3 Mobility SDDC/Cloud Advanced threats Internet of Things “Software defined” everything HTTP is the new TCP
  • 4. © F5 Networks, Inc 4 Impact on Data Center Architecture: Applications MICRO-ARCHITECTURES Each service is isolated and requires its own: • Load balancing • Authentication / authorization • Security • Layer 7 Services • May be API-based, expanding services required API DOMINANCE Proxies are used in emerging API-centric architectures for: • API versioning • Client-based steering • API Load balancing • Metering & billing • API key management Service A Service C Service B Service D API v1 API v2 More intelligence needed in servicesMore applications need services
  • 5. © F5 Networks, Inc 5 Impact on Data Center Architecture: Network SOLUTION SPRAWL Increasing threats and client platforms result in need for: • Mobile device management • Mobile access management • Mobile security • DDoS • Application layer threats • Malware OPERATIONAL INCONSISTENCY Introduction of off-premise cloud solutions without architectural parity results in: • Inconsistent enforcement of business and operational policies • Unpredictable application performance and security • Increased OpEx as new management paradigms are introduced SaaS
  • 6. “Leave No Application Behind”
  • 7. © F5 Networks, Inc 7 DDoS WAF SSL LTE 1000 Average number of applications deployed within an enterprise Applications require services Acceleration
  • 8. © F5 Networks, Inc 8 The selected few
  • 9. © F5 Networks, Inc 9 ADC ADC ADC ADC ADC ADC
  • 10. © F5 Networks, Inc 10 High-Performance Fabric Application Services BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP
  • 11. © F5 Networks, Inc 11© F5 Networks, Inc. 11
  • 12. © F5 Networks, Inc 12 Software Defined Application Services4 The 4th Phase of the Evolution Application Delivery Controller1 Broadened Application Services2 Cloud Ready3 © F5 Networks, Inc. 12
  • 13. © F5 Networks, Inc 13 Software Defined Application Services Elements High-Performance Services Fabric Simplified Business Models
  • 14. © F5 Networks, Inc 14 Software Defined Application Services Elements High-Performance Services Fabric
  • 15. High-Performance Services Fabric Network [Physical • Overlay • SDN] Virtual Edition ChassisAppliance
  • 16. High-Performance Services Fabric On-Demand Scaling All-Active Clustering Multi-Tenancy ScaleN TMOS TMOS TMOS TMOS Network [Physical • Overlay • SDN]
  • 17. High-Performance Services Fabric Throughput Connections per second Concurrent connections Multi-tenant instances per device Device service clusters Network [Physical • Overlay • SDN]*40K when combining admin instances with vCMP
  • 18. High-Performance Services Fabric Network [Physical • Overlay • SDN] Virtual Edition ChassisAppliance Data Plane Programmability Control Plane Management Plane
  • 19. High-Performance Services Fabric Network [Physical • Overlay • SDN] Virtual Edition ChassisAppliance Data Plane Programmability Control Plane Management Plane
  • 20. Software Defined Application Services
  • 21. © F5 Networks, Inc 21 Software Defined Application Services F5 Software Defined Application Services (SDAS) A rich set of services that address the delivery challenges faced by businesses today.
  • 22. © F5 Networks, Inc 22 Software Defined Application Services Availability Authoritative DNS Cloud Bursting CGNAT Disaster Recovery Business Continuity Global Load Balancing Intelligent EPC node selection Global Server LB Global Server LB DNS Caching & Resolving Load Balancing
  • 23. © F5 Networks, Inc 23 Software Defined Application Services PerformanceAccelerationCaching Optimization SPDY Gateway Application Optimization Traffic Shaping and QoS Compression Web Performance Optimization Traffic Management
  • 24. © F5 Networks, Inc 24 Software Defined Application Services Access & Identity Cloud Federation Endpoint Inspection Single Sign-OnAccess Control SAML Federation SSL VPNAnti-Malware Web Access Management Active Sync Proxy Secure Web Gateway .
  • 25. © F5 Networks, Inc 25 Software Defined Application Services Security DNSSEC ADF Anti-Fraud WAF DDoS SSL VPN Anti-Phishing DNS Security SSL intelligence SSL Inspection Programmability
  • 26. © F5 Networks, Inc 26 Software Defined Application Services Elements
  • 27. Fabric Connectors Module Connectors Cloud Connectors Orchestration Connectors Intelligent Services Orchestration BIG-IQ •Rest API
  • 28. Completing the SDN Stack F5 BIG-IQ OPEN REST APIs LAYER 2-3 LAYER 4-7 SDN Controller BIG-IQ Security™ BIG-IQ Cloud™ BIG-IQ Device™ NBI NBI NVGRE VXLAN ETC… Control Plane Application Plane Data Plane Software-DefinedDataCenter Virtual Networks Service Chaining
  • 29. Public CloudHybrid Cloud BIG-IP BIG-IP Data Center Centralized Management Platform BIG - IQBIG - IQ
  • 30. Application Services Modules
  • 31. Software Defined Application Services Elements Simplified Business Models
  • 32. Good | Better | Best Flexibility Make it easier to adopt advanced F5 functionality Simplicity Consolidate into fewer common configurations BestValue Save when purchasing bundles Good Better Best VE Price Comparison Bought As Bundle Bought As Components Good Better Best Appliance Comparison BIG-IP Local Traffic Manager    BIG-IP Global Traffic Manager   Application Acceleration Manager   BIG-IP Application Protection   SDN Service   Advanced Routing   BIG-IP Access Policy Manager  BIG-IP Application Security Manager 
  • 33. Reference Architectures For Today’s Customer Challenges
  • 34. © F5 Networks, Inc 34 Reference Architectures Device, Network, Applications Bill of Materials • White Paper (Business) • Solution diagram(s) • Architecture diagram(s) • Product map diagram(s) • Customer Presentation • Solution Animation/Video • White paper (Technical) • Placemat leave-behind © F5 Networks, Inc. DDoS Protection S/Gi Network Simplification Security for Service Providers Application Services Migration to Cloud DevOps LTE Roaming Intelligent DNS Scale Cloud Federation Cloud Bursting
  • 35. © F5 Networks, Inc 35 Reference Architectures Solution Documents…
  • 36. © F5 Networks, Inc 36 DDoS Protection Reference Architecture Legitimate Users Threat Feed Intelligence DDoS Attacker ISPa/b Cloud Scrubbing Service Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning IPS Next-Generation Firewall Tier 2 SSL attacks: SSL renegotiation, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Application Corporate Users Financial Services E-Commerce Subscriber Tier 2 Threat Feed Intelligence Strategic Point of Control Multiple ISP strategy Network and DNS Tier 1
  • 37. © F5 Networks, Inc 37 DDoS Protection Reference Architecture Legitimate Users Threat Feed Intelligence DDoS Attacker ISPa/b Cloud Scrubbing Service Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning IPS Next-Generation Firewall Tier 2 SSL attacks: SSL renegotiation, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Application Corporate Users Financial Services E-Commerce Subscriber Tier 2 Threat Feed Intelligence Strategic Point of Control Multiple ISP strategy Network and DNS Tier 1 • The first tier at the perimeter is layer 3 and 4 network firewall services • Simple load balancing to a second tier • IP reputation database • Mitigates volumetric and DNS DDoS attacks TIER 1 KEY FEATURES
  • 38. © F5 Networks, Inc 38 DDoS Protection Reference Architecture Legitimate Users Threat Feed Intelligence DDoS Attacker ISPa/b Cloud Scrubbing Service Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning IPS Next-Generation Firewall Tier 2 SSL attacks: SSL renegotiation, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Application Corporate Users Financial Services E-Commerce Subscriber Tier 2 Threat Feed Intelligence Strategic Point of Control Multiple ISP strategy Network and DNS Tier 1 • The second tier is for application-aware, CPU-intensive defense mechanisms • SSL termination • Web application firewall • Mitigate asymmetric and SSL-based DDoS attacks TIER 2 KEY FEATURES
  • 39. © F5 Networks, Inc 39 Recommended Practices Configuration Guide 2.3.2.5 Throttle GET Request Floods via Script The F5 DevCentral community has developed several powerful iRules that automatically throttle GET requests. Customers are continually refining these to keep up with current attack techniques. Here is one of the iRules that is simple enough to be represented in this document. The live version can be found at this DevCentral page: HTTP-Request-Throttle when RULE_INIT { # Life timer of the subtable object. Defines how long this object exist in the subtable set static::maxRate 10 # This defines how long is the sliding window to count the requests. # This example allows 10 requests in 3 seconds set static::windowSecs 3 set static::timeout 30 } when HTTP_REQUEST { if { [HTTP::method] eq "GET" } { set getCount [table key -count -subtable [IP::client_addr]] if { $getCount < $static::maxRate } { incr getCount 1 table set -subtable [IP::client_addr] $getCount "ignore" $static::timeout $static::windowSecs } else { HTTP::respond 501 content "Request blockedExceeded requests/sec limit." return } } } Another iRule, which is in fact descended from the above, is an advanced version that also includes a way to manage the banned IPs address from within the iRule itself: · URI-Request Limiter iRule – Drops excessive HTTP requests to specific URIs or from an IP 2.3.2.4 Enforce Real Browsers Besides authentication and tps-based detection (section Error! Reference source not found.), there are additional ways that F5 devices can separate real web browsers from probable bots. The easiest way, with ASM, is to create a DoS protection profile and turn on the “Source IP- Based Client Side Integrity Defense” option. This will inject a JavaScript redirect into the client stream and verify each connection the first time that source IP address is seen. Figure 1. Insert a Javascript Redirect to verify a real browser 32 Page Detailed Guide…
  • 40. Cisco Partnership
  • 41. © F5 Networks, Inc 41 Completing the SDN Stack F5 BIG-IQ OPEN REST APIs LAYER 2-3 LAYER 4-7 SDN Controller BIG-IQ Security™ BIG-IQ Cloud™ BIG-IQ Device™ NBI NBI NVGRE VXLAN ETC… Control Plane Application Plane Data Plane Software-DefinedDataCenter Virtual Networks Service Chaining
  • 42. © F5 Networks, Inc 42 F5 Platforms Hardware | Software | Cloud Programmability F5 SDAS Service Fabric Programmability BIG IQ Cloud Provisioning and orchestration of BIG-IP in AWS Two-way communication Configure application networking services Automated network and service provisioning Auto-scaling, application provisioning, and automated system maintenance and patching. Automate network and service provisioning, Integrate network virtualization and ADN services Partner Integration with Synthesis
  • 43. Cisco ACI Design Philosophy
  • 44. Why Cisco/ACI matters for Customers • Cisco and F5 share a common vision for simplifying networking end to end by taking an application-centric approach to solving key pain points in customer’s next generation data centers while meeting their critical data center requirements today. • Working with Cisco on Application Centric Infrastructure, F5 has a unique opportunity to deliver on vision of shaping infrastructure to the needs of the applications. • Cisco ACI integrates F5 Big-IP appliances (physical and virtual) to deliver application-centric, ADC-enabled network automation in existing and next generation data centers
  • 45. © F5 Networks, Inc. Benefits Drive Increase Reduce Future 45
  • 46. SDDC/Cloud

×